Position Description

Cryptographic Key Manager
Primary Location Los Angeles
Possible Hiring Locations Los Angeles
Apply Now


Position Summary:

Plan, implement, document and maintain cryptographic security assets and key management processes used to secure the Internet Domain Name System (DNS) and protect information.

Key Responsibilities:

•    Create, implement and manage cryptographic keys (codes).
•    Plan, implement and upgrade physical and administrative safeguards.
•    Maintain security certificate authority hierarchy and certificate profiles.
•    Write, review, edit, approve and maintain cryptographic key management security documentation and policies.
•    Manage the lifecycle of security certificates, cryptographic keys, and cryptographic devices including Hardware Security Modules (HSMs).
•    Plan and execute DNS security (DNSSEC) Root Key Signing Key (KSK) management ceremonies.
•    Identify and propose process improvements to maintain maximum security and continuous operations.
•    Minimize risks associated with managing cryptographic keys through effective planning and coordination of physical and logical security.
•    Maintain and test disaster recovery plans for key management operations.
•    Prepare responses to third-party security audits.
•    Prepare briefings and attend meetings to discuss ICANN’s execution of its key management responsibilities.
•    Up to 10% domestic and international travel is required.


•    Bachelor’s or equivalent degree in Computer Science, Computer Engineering, Information Technology or related field
•    5 years of progressive, post-baccalaureate experience as a cryptographic key manager or as an IT/IS security analyst, engineer, consultant, or manager
•    Experience must include 3 years in information technology security including Public Key Infrastructure (PKI), logical and physical security, hardware security modules (HSMs), IT security audits, risk management, and development of security policies.
•    Certification required: Certified Information Systems Security Professional (CISSP) or Certified Information Systems Auditor (CISA)
•    Other: Requires up to 10% domestic and international travel. Must be authorized to work full-time in the U.S. without an employer sponsor.

Back Apply Now